For some applications that require a greater amount of security, when a user needs to perform sensitive operations, such as resetting a password, modifying a contact phone number reserved by the user, or modifying a login name, the modified information involved in the sensitive operations is mostly the user's private information. Therefore, a process for verifying an identity of the user would be very strict when the user performs the sensitive operations.
For example, when the user performs the sensitive operations, the user may upload credential information and answer a reserved question generated on a webpage. Then a customer service staff manually reviews the credential information uploaded by the user and makes a follow-up phone call. Only after all the above verifications are passed, may the user be permitted to perform the above sensitive operations.
In the above solution, however, if all users need to perform the above strict process for identifying identities while performing the sensitive operations, reviewing credentials uploaded by the users and making follow-up phone calls both require a significant labor cost. Moreover, if the user have to perform a relatively strict identity verifying again for every sensitive operation, user experience may be influenced.
In order to address the above problems, a login terminal used by the user may be verified, the login terminal that is verified is a trusted terminal for the user. When the user uses the trusted terminal to log in and perform a sensitive operation, repeated verification may not necessarily be performed on the user, or only relatively simple verification may be performed.
Generally, a login terminal of a user is verified by transaction information, an IP address, and a login time period of the user. But, in some special application scenarios, for example, when a login terminal is exchanged between users, the above method cannot meet user demands.